A National ID Card by Stealth? The BC Services Card: Privacy Risks, Opportunities and Alternatives

For the last several years, British Columbia has been developing the technical infrastructure and legal framework for a comprehensive integrated identity system as part of its “technology and transformation” approach to governance. Otherwise known as “Government 2.0” or e-government, this approach seeks to aggregate the personal information of citizens held in discrete government databases for maximal data linking and sharing across government jurisdictions and with the private sector.

The BC Services Card is the latest in a series of major information technology projects that are part of the Gov 2.0 mandate. It is a mandatory provincial ID card that enables access to a range of government services, beginning with health care and driver licencing. The BC Services Card is a key element of unprecedented changes in the way the province collects, accesses and shares personal information, including highly sensitive health information, amongst departments, agencies and even private contractors. The card is just part of BC’s wide-ranging vision for integrated identity and information management—a vision that scales and interoperates on a federal level.

In addition to the well known risk of security breaches associated with such identity systems, there are privacy-related questions and civil liberties concerns. This report examines the normative, technical and policy implications of the BC Services Card. It echoes the Information and Privacy Commissioner for BC’s call for broad and meaningful public consultation before Phase II of the card program is implemented. It concludes with recommendations for how British Columbia can design an identity system that is secure, privacy-protective, trusted and fit for purpose.